using nmap on 2 internal virtual machines


Post by liz4rdm4n on Tue Mar 17, 2015 4:24 pm

Hi all

I've recently installed VirtualBox and set up 2 Ubuntu machines which are on a virtual internal network, with no connection to the internet. They can ping each other fine, but when I try to use nmap: sudo nmap -PS followed by the IP of the second machine, it reports back all 1000 ports are closed?

My aim is to set up a self-contained environment that can't access the host or the internet and test tools between the 2 internal instances.

Help appreciated!


Re: using nmap on 2 internal virtual machines

Post by cyberdrain on Tue Mar 17, 2015 4:31 pm

This might be a given, but did you check the firewalls of both systems? Are you sure both machines actually have open ports? Notice that the type of scan you selected is usually used for port 80, so you might miss some open ports. Try using e.g. sudo nmap -sS -p 1-1000 instead.
Free your mind / Think clearly


Re: using nmap on 2 internal virtual machines

Post by liz4rdm4n on Tue Mar 17, 2015 4:39 pm

cyberdrain wrote: This might be a given, but did you check the firewalls of both systems? Are you sure both machines actually have open ports? Notice that the type of scan you selected is usually used for port 80, so you might miss some open ports. Try using e.g. sudo nmap -sS -p 1-1000 instead.


I'm not sure. I'm pretty new to this. It does find the machine, i.e. 10.10.10.3, but when I try to scan for services on 10.10.10.3 it says all 1000 ports are closed. If I was to try your example above, where would I put the target IP of 10.10.10.3 in?

EDIT: I did your example and put the IP on the end, but it says all 1000 ports closed. How could I force a port open on the 2nd machine for testing?


Re: using nmap on 2 internal virtual machines

Post by cyberdrain on Tue Mar 17, 2015 4:48 pm

While you could probably find that information by running "man nmap", I'll give you this one:
Code:
sudo nmap -sS -p 1-1000 10.10.10.3

Note that the -sS option requires root privileges, while others like -sT do not. Another useful option to know is that you can use the IP 10.10.10.0/24 to scan all machines from that single subnet (10.10.10.1-10.10.10.255).

Usually you'd run a ping scan first to find which machines are online (or whatever method you prefer) and only start scanning specific machines afterwards. Playing around with the options and knowing what each one does can really help in stealth, accuracy, speed and usefulness of the scans. I'd say it's a good idea reading through its manual and learning about those terms you don't understand.
Last edited by cyberdrain on Tue Mar 17, 2015 4:54 pm, edited 2 times in total.
Free your mind / Think clearly


Re: using nmap on 2 internal virtual machines

Post by liz4rdm4n on Tue Mar 17, 2015 4:52 pm

It does find 10.10.10.3, so no need to do a scan to find out what's on the network. It's finding out what services are running on that IP which it won't do.


Re: using nmap on 2 internal virtual machines

Post by cyberdrain on Tue Mar 17, 2015 4:55 pm

liz4rdm4n wrote: EDIT: I did your example and put the IP on the end, but it says all 1000 ports closed. How could I force a port open on the 2nd machine for testing?

That should be the default, try running a service like ssh, a webserver, SQL server or even an FTP server on one of the ports. To know you're actually using the right settings, you could run nmap against a router or website.

liz4rdm4n wrote: It does find 10.10.10.3, so no need to do a scan to find out what's on the network. It's finding out what services are running on that IP which it won't do.

Are you running services?
Free your mind / Think clearly


Re: using nmap on 2 internal virtual machines

Post by liz4rdm4n on Tue Mar 17, 2015 4:58 pm

I can't run to a website as the network is internal and no outside internet is granted.

I'm new to this and I appreciate your patience


Re: using nmap on 2 internal virtual machines

Post by cyberdrain on Tue Mar 17, 2015 5:12 pm

liz4rdm4n wrote: I can't run to a website as the network is internal and no outside internet is granted.

I'm new to this and I appreciate your patience

Sure, no problem.

Try this: "service ssh start", it should run an sshd service on your system, more information here. You could then scan your system and see if the ssh service is actually running. Any service that runs on some port will work, but I'd say SSH might actually be the most useful for target practice. You could also run an image of Metasploitable instead.
Free your mind / Think clearly
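
Added example (not part of the original posts): a minimal TCP connect probe, the same idea as the unprivileged -sT scan mentioned above, showing why a reachable host with no services reports every port as "closed" and how one port flips to "open" once something listens on it. The function names and the loopback demo are constructed for illustration; in the lab from this thread the target would be 10.10.10.3.

```python
import errno
import socket


def probe(host, port, timeout=1.0):
    """Classify one TCP port with a full connect(), like nmap's unprivileged -sT."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        rc = sock.connect_ex((host, port))
    except OSError:            # e.g. a timeout raised instead of returned
        return "filtered"
    finally:
        sock.close()
    if rc == 0:
        return "open"          # handshake completed: a service is listening
    if rc == errno.ECONNREFUSED:
        return "closed"        # host refused: reachable, but nothing listening
    return "filtered"          # no usable answer: firewall drop or unreachable


def scan(host, ports, timeout=1.0):
    """Return {port: state} for every port in `ports`."""
    return {p: probe(host, p, timeout) for p in ports}


def demo():
    """Constructed loopback demo: one port probed with and without a listener."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0 lets the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = probe("127.0.0.1", port)
    listener.close()                     # equivalent to stopping the service
    after_stop = probe("127.0.0.1", port)
    return while_listening, after_stop


if __name__ == "__main__":
    # In the lab from the thread: scan("10.10.10.3", range(1, 1001))
    print(demo())
```

A "closed" result therefore confirms the scan itself is working: the target answered, it just has no service bound to that port. A firewall silently dropping packets would show up as "filtered" instead.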


Re: using nmap on 2 internal virtual machines

Post by liz4rdm4n on Tue Mar 17, 2015 5:17 pm

cyberdrain wrote:
liz4rdm4n wrote: I can't run to a website as the network is internal and no outside internet is granted.

I'm new to this and I appreciate your patience

Sure, no problem.

Try this: "service ssh start", it should run an sshd service on your system, more information here. You could then scan your system and see if the ssh service is actually running. Any service that runs on some port will work, but I'd say SSH might actually be the most useful for target practice. You could also run an image of Metasploitable instead.


Thanks, I'll take a look now.


